Dynamic DB secret implementation from application perspective


I’m still new with vault. We deployed vault into a kubernetes cluster with vault injector. The injector works and the vault agent is able to pull the secret.

We are wondering on use dynamic DB secret for applications. Applications sometime run for a long period of time in production environment. Is it possible to have the dynamic DB secret not to expire? The vault agent will handle the renewal process and not get a new lease for the dynamic secret (new db username and password). I think there is a max ttl that governs if a lease is renewable or not.